Privacy Policy.

What this policy covers.

This Privacy Policy applies to personal information collected by Studio Park Design through the website located at studioparkdesign.com and through direct correspondence such as email and project communications.

This policy does not apply to third-party websites or services we link to, including client websites in our portfolio, the websites of our affiliated studios (Premium Audio Services, Brainfood Advertising), or any external service providers we reference. Those parties operate under their own privacy policies.

Definitions used in this policy

• “Personal information” means any information that identifies, relates to, describes, or could reasonably be linked to a specific individual or household. Examples include your name, email address, phone number, IP address, and online identifiers.
• “Processing” means any operation performed on personal information — including collecting, storing, using, disclosing, transferring, or deleting.
• “You” or “your” means the individual visiting the website or communicating with us.
• “We,” “us,” “our,” or “Studio Park” means Studio Park Design, operated by Miche Park as a sole proprietorship in Burbank, California.

The party responsible for your data.

Studio Park Design is a sole-proprietorship web design studio operated by Miche Park, located in Burbank, California, United States. For the purposes of applicable data protection laws, including the EU and UK General Data Protection Regulation (GDPR), Studio Park acts as the data controller for personal information collected through this website.

We are not currently required to appoint a Data Protection Officer (DPO) under GDPR. If our processing activities expand to require one, this policy will be updated.

What we collect, and how.

We collect personal information that you voluntarily provide to us, as well as certain technical information that is automatically collected when you interact with our website.

Information you provide directly

• Identifiers. Your name, email address, phone number (optional), and business name.
• Project information. Details about your project, goals, budget range, timeline, and any files or materials you share with us.
• Communications. The content of emails, messages, and any correspondence between us, including attachments.
• Payment information. For paid engagements, billing details are collected directly by our payment processors. Studio Park does not store full payment card numbers on its servers.

Information collected automatically

• Device and browser data. IP address, browser type and version, operating system, device type, screen resolution, and referring URL.
• Usage data. Pages viewed, time spent on pages, links clicked, and navigation paths through the site.
• Cookies and similar technologies. Small data files stored on your device. See Section 06 for details.

Sources of information

We collect personal information directly from you (when you submit a form, email us, or sign a contract), automatically from your device (cookies, server logs), and occasionally from third-party services you authorize (such as a referral via a partner studio).

Consequence of not providing information: If you choose not to share contact information, we won’t be able to respond to your inquiry, provide a quote, or work with you on a project. Visiting the website without submitting any forms is always optional.

Why we have your data.

We use the information we collect for the following business purposes:

• To respond to inquiries. Reply to your questions, schedule consultations, and provide project quotes.
• To deliver services. Design, build, and maintain client websites; communicate about active projects; process payments; and provide ongoing support.
• To operate the website. Ensure the site loads correctly, troubleshoot errors, and protect against fraud or abuse.
• To improve our work. Analyze aggregated traffic and usage patterns to understand how visitors find and use the site.
• To comply with legal obligations. Maintain tax records, respond to lawful requests from government authorities, and enforce our agreements.
• To protect our rights. Investigate potential violations of our terms, defend against legal claims, and protect the safety and rights of Studio Park, our clients, and the public.

We do not sell, rent, or trade personal information to third parties for their independent marketing purposes. We do not share personal information with advertisers, data brokers, or any party that would use it for cross-context behavioral advertising.

Why we’re allowed to process your data (GDPR).

If you are located in the European Economic Area, United Kingdom, or another jurisdiction with comparable laws, we rely on one or more of the following legal bases to process your personal information:

When we rely on legitimate interests, we balance our business interests against your privacy rights. You have the right to object to processing based on legitimate interests at any time. When we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing already carried out.

Cookies, in plain English.

A cookie is a small text file stored on your device when you visit a website. We use cookies and similar technologies (such as web beacons and local storage) for the following purposes:

Managing cookies. Most browsers let you view, manage, and delete cookies through their settings. You can also opt out of Google Analytics tracking specifically by installing the Google Analytics opt-out browser add-on.

Disabling cookies may affect the functionality of the website, including the ability to submit forms or display content correctly.

Do Not Track signals.

Some web browsers transmit “Do Not Track” (DNT) signals to websites. Because there is no industry-standard interpretation of these signals, our website does not currently respond to them. We treat all visitors consistently, regardless of DNT settings.

If you wish to limit tracking, you can disable cookies in your browser, use private browsing modes, or install opt-out tools such as those referenced in Section 06. California residents also have the right to opt out of certain data sharing under the California Consumer Privacy Act — see Section 12.

Who else sees your data.

We use a limited number of trusted third-party services to operate our business. These services act as data processors on our behalf and are bound by their own privacy commitments:

We do not sell or rent personal information. We may disclose information to third parties only: (a) to the service providers listed above for the business purposes described; (b) to comply with a legal obligation, court order, or government request; (c) to defend our legal rights or investigate suspected wrongdoing; or (d) in connection with a merger, acquisition, or sale of business assets — in which case affected users will be notified.

When data crosses borders.

Studio Park is based in the United States. The personal information we collect is stored and processed in the U.S. and may be transferred to other jurisdictions where our service providers operate.

If you are located in the European Economic Area, United Kingdom, or another region with data transfer restrictions, please note that transfers of personal information to the U.S. and other countries may not be subject to the same level of legal protection as in your home jurisdiction.

Where required by law, we rely on appropriate safeguards for international transfers, including the Standard Contractual Clauses approved by the European Commission, or other adequacy mechanisms recognized under applicable law. Many of our service providers (including Google) maintain their own EU-U.S. Data Privacy Framework certifications.

How long we keep your data.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal, accounting, and reporting obligations.

You may request earlier deletion of your personal information by emailing us at mimi4ra@gmail.com, subject to our right to retain information as required by law.

What you can ask us to do.

Depending on your location, you may have the following rights regarding your personal information:

• Right to access. Request a copy of the personal information we hold about you and information about how we process it.
• Right to correct. Request that we update inaccurate or incomplete information.
• Right to delete. Request that we erase your personal information, subject to legal record-keeping requirements.
• Right to restrict processing. Request that we limit how we process your information in certain circumstances.
• Right to object. Object to processing based on legitimate interests, including for analytics purposes.
• Right to data portability. Receive personal information you have provided to us in a structured, commonly-used, machine-readable format, where technically feasible.
• Right to withdraw consent. Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

How to make a request. Email us at mimi4ra@gmail.com with the subject line “Privacy Rights Request” and describe the right you want to exercise. We will verify your identity before responding to protect your information.

Response time. We will respond within 30 days for GDPR requests and within 45 days for California Consumer Privacy Act (CCPA) requests, as required by law. If we need additional time, we will notify you and explain why.

No discrimination. We will not deny you services, charge you different prices, or provide a different level of service because you exercised your privacy rights.

Rights for California residents (CCPA/CPRA).

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides additional rights regarding your personal information.

Categories of personal information we collect

In the past 12 months, we have collected the following categories of personal information as defined under the CCPA:

• Identifiers. Name, email address, phone number, IP address, online identifiers.
• Customer records. Information you provide when becoming a client (business name, project details, billing info via processor).
• Commercial information. Records of services purchased or inquired about.
• Internet activity. Browsing history, search history, and information about your interaction with the website (via analytics).
• Geolocation data. Approximate location derived from IP address.
• Inferences. Aggregated patterns derived from the above to understand visitor behavior.

Sources, purposes, and disclosures

• Sources: Directly from you, automatically from your device, and from our service providers listed in Section 08.
• Business purposes: The purposes described in Section 04 of this policy.
• Categories of recipients: The service providers listed in Section 08. We do not share personal information with any other third parties for their own purposes.

Your CCPA rights

• Right to know. Request that we disclose the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes, and the categories of third parties with whom we share information.
• Right to delete. Request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to correct. Request correction of inaccurate personal information.
• Right to opt out of sale or sharing. We do not sell personal information and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA.
• Right to limit use of sensitive personal information. We do not collect sensitive personal information as defined under the CPRA.
• Right to non-discrimination. We will not retaliate against you for exercising any of these rights.

How to submit a request

California residents may submit a verifiable consumer request by email to mimi4ra@gmail.com with the subject line “California Privacy Request,” or by mail to the address in Section 02.

Authorized agents. You may designate an authorized agent to make a request on your behalf. We will require written authorization signed by you and verification of the agent’s identity.

Shine the Light. California Civil Code § 1798.83 permits California residents to request information regarding the disclosure of personal information to third parties for direct marketing purposes. We do not share personal information for third-party direct marketing.

Privacy of minors.

Our website and services are intended for adults and are not directed to children. We do not knowingly collect personal information from:

• Children under 13, in accordance with the U.S. Children’s Online Privacy Protection Act (COPPA).
• Children under 16, in accordance with the EU and UK General Data Protection Regulation (GDPR-K).

If you are a parent or guardian and believe that a child has provided us with personal information without your consent, please contact us at mimi4ra@gmail.com. We will verify the request and promptly delete the information from our records.

How we protect your data.

We implement reasonable and appropriate technical and organizational security measures to protect personal information against loss, theft, unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption in transit. All data submitted through the website is transmitted over HTTPS using TLS encryption.
• Access controls. Administrative access to client data is limited and protected by strong passwords and two-factor authentication where supported.
• Reputable service providers. We use established hosting, email, and payment providers with their own enterprise-grade security programs.
• Regular updates. Software, plugins, and themes used on the website are kept up to date to address known vulnerabilities.

No method of transmission over the internet or electronic storage is 100% secure. While we work diligently to safeguard your information, we cannot guarantee absolute security.

Data breach notification

If we become aware of a data breach involving your personal information, we will notify you and the appropriate regulatory authorities in accordance with applicable law. For GDPR-protected data, this means notifying the relevant supervisory authority within 72 hours where feasible, and notifying affected individuals without undue delay when there is a high risk to their rights and freedoms.

Other websites we link to.

Our website contains links to third-party websites, including client portfolio sites, the websites of our affiliated studios (Premium Audio Services, Brainfood Advertising), and external resources we reference.

We are not responsible for the privacy practices, content, or security of these external sites. When you click a link that takes you off our website, you are subject to the privacy policy and terms of the destination site. We encourage you to review the privacy policies of every site you visit.

When this policy changes.

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable law. When we do, we will:

• Update the “Last updated” and “Version” information at the top of this page.
• For material changes (those that meaningfully affect your rights), provide notice on the website at least 30 days before the changes take effect.
• Where required by law, obtain your renewed consent.

We encourage you to review this policy periodically. Your continued use of the website after changes take effect constitutes acceptance of the updated policy.